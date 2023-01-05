The maintainers of the PyTorch package (if you don’t know: it’s a machine learning framework, see the official site) have warned users who installed the nightly builds of the library between December 25, 2022 and December 30, 2022 to uninstall them and download the latest versions following an attack.

What are the potential dangers of malicious code accidentally placed on PyTorch?

“PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised in the Python Package Index (PyPI) code repository and ran a malicious binary,” said the PyTorch team in a warning published over the weekend.

PyTorch, like Keras and TensorFlow, is an open source Python-based machine learning framework; it was originally developed by Meta Platforms.

The PyTorch team said it became aware of the malicious dependency on December 30, at 4:40pm GMT. The supply chain attack resulted in a malware-laced copy of a legitimate dependency named torchtriton being uploaded to the Python Package Index (PyPI) code repository.

Since package managers such as pip check public code registries such as PyPI for a package before private registries, the malicious module was installed on users’ systems instead of the actual version pulled from the third-party index (like from GitHub, for example).
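The resolution behaviour described above, as a simplified model (an added example, not code from PyTorch or pip; the index names, version numbers and payload bytes are constructed, and `resolve` is a hypothetical helper). It shows a same-named public upload winning when candidates from every index are pooled, and a hash pin or a single-index configuration selecting the intended file:

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple   # e.g. (2, 0, 0); tuples compare element by element
    index: str       # label of the index that served the file
    payload: bytes   # stands in for the wheel contents

    @property
    def sha256(self):
        return hashlib.sha256(self.payload).hexdigest()


def resolve(name, indexes, pinned_hashes=None):
    """Simplified model of an installer with several indexes configured.

    Candidates from all indexes are pooled and the highest version wins;
    the index a file came from plays no role. When pinned_hashes is given,
    only files whose digest is on that allow list are eligible.
    """
    pool = [c for index in indexes for c in index if c.name == name]
    if pinned_hashes is not None:
        pool = [c for c in pool if c.sha256 in pinned_hashes]
    if not pool:
        raise LookupError(f"no acceptable candidate for {name}")
    return max(pool, key=lambda c: c.version)


# Constructed sample data: the same package name exists on both indexes.
PRIVATE = [Candidate("torchtriton", (2, 0, 0), "private-nightly", b"legitimate build")]
PUBLIC = [Candidate("torchtriton", (3, 0, 0), "public-pypi", b"look-alike upload")]


def demo():
    unpinned = resolve("torchtriton", [PRIVATE, PUBLIC])
    pinned = resolve("torchtriton", [PRIVATE, PUBLIC],
                     pinned_hashes={PRIVATE[0].sha256})
    private_only = resolve("torchtriton", [PRIVATE])
    return unpinned.index, pinned.index, private_only.index


if __name__ == "__main__":
    print(demo())
```

In pip terms, the two safe cases correspond to hash-checking mode (`--require-hashes` with `--hash` entries in the requirements file) and to using a single `--index-url` rather than adding a second index with `--extra-index-url`.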

The “malicious” version, for its part, is designed to collect system information, including environment variables, the current working directory, and the hostname, as well as to access the following files:

/etc/hosts

/etc/passwd

The first 1,000 files in $HOME/*

$HOME/.gitconfig

$HOME/.ssh/*

In a statement to Bleeping Computer, the owner of the domain to which the stolen data was transmitted said that he was part of an ethical research team (a so-called white hat) and that all data has since been deleted.

Also, torchtriton has been removed as a dependency and replaced with pytorch-triton; a dummy package was also registered on PyPI as a placeholder to prevent further abuse.

“This is not the actual torchtriton package but it was uploaded here to uncover dependency confusion vulnerabilities,” was stated in a post on the PyPI page for torchtriton. “You can get real torchtriton from https://download.pytorch[.]org/whl/nightly/torchtriton/.”

The development comes as JFrog revealed details of another package, known as cookiezlog, that has been observed using anti-debugging techniques to resist security scrutiny (antivirus, antimalware, etc.), marking the first time such mechanisms have been incorporated into PyPI “malware”.

Python bugs and vulnerabilities on Linux aren’t exactly new

Some time ago there was a Python library problem that had persisted for a good fifteen years.

The fact is that Python is much more common on Linux than on Windows; this means that in the event of security issues with Python (or associated programs and frameworks, as in this case with PyTorch), Linux users will have to be more careful than Windows users.

However, this paradox about the security of Linux systems should be analyzed in a separate article: while it is true that Linux suffers fewer attacks, it is also true that Linux systems are less widespread, and that there are no targeted controls on attacks on Linux systems as there are for Windows and macOS.